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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 
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earned patent term adjustment. See 37 CFR 1.704(b). 
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I) ^ Responsive to communication(s) filed on 08 September 2005 . 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4) S Claim(s) 1-29 is/are pending in the application. 
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5) D Claim(s) is/are allowed. 

6) IEI Claim(s) 1-29 is/are rejected. 
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Application Papers 
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DETAILED ACTION 



1. 



The response of 9/8/2005 was received and considered. 



2. 



Claims 1-29 are pending. 



Response to Arguments 



3. Applicants arguments with respect to claims 1-29 have been considered but are moot in 
view of the new ground(s) of rejection. Ginter discloses a content distribution system where 
content is distributed with rules for accessing the content, such as confirming the identity of a 
user. While user names, groups, identities, etc. are well-known in the art to be associated with 
certificates, Moreh is cited for teaching explicitly verifying a certificate of a user to allow the 
user to access messages. Therefore, it would have been obvious to modify Ginter to use the user 
names in the rules for accessing to authenticate a user based on the user's identified certificate. 



4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



5. Claims 1-4, 8-10, 12, 15, 22-23, 26 & 28-29, are rejected under 35 U.S.C. 103(a) as 
being unpatentable over U.S. Patent 5,892,900 to Ginter et al. (Ginter) in view of U.S. Patent 



Claim Rejections - 35 USC § 103 



6,158,007 to Moreh et al. (Moreh). 
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Regarding claims 1-2, 8-10, 12, 15-16, 24, 26 & 28-29, Ginter discloses an identification 
certificate issued by an identification authority/trustworthy entity (col. 210, lines 31-45) 
containing a template serving as identification data of a user receiving a content, said template 
including at least one piece of personal biotic information or personal non-biotic 
information/name (col. 210, lines 31-45), container information/container in which a content 
transaction condition/use rights (col. 55, lines 1-1 1) is set including an identification certificate 
identifier list/specified employee (col. 55, lines 21-23) associated with said identification 
certificate (col. 212, lines 1-16), a content key for enciphering a content (col. 223, lines 5-1 1), a 
secure container (col. 59, lines 8-15 & col. 134, lines 29-58) including the content enciphered 
with the content key and said container information (col. 59, lines 8-47), a content distributor for 
distributing the content by moving said secure container (Fig. 2, #102 & 106), at least one user 
device/SPU for transacting the content with said content distributor (col. 60, lines 7-16), whereby 
user authentication is performed (col. 212, lines 1-16). Ginter is silent regarding authentication 
being performed in accordance with the identification certificate identified on the basis of the 
identification certificate identifier list when said secure container is moved, so that the content 
usable on said user device is distributed with content transaction managed. However, Moreh 
discloses messages accompanied with a list/access control list (Fig. 6, #84 & col. 9, lines 31-60), 
where authentication is performed based on certificates identified in the list (col. 7, lines 39-47 & 
col. 9, lines 58-60) to provide security for messages between users on a computer network (col. 
4, line 66 - col. 5, line 7). Therefore, it would have been obvious to one having ordinary skill in 
the art at the time the invention was made to modify Ginter to explicitly authenticate the user 
identified in the rights condition using the user's certificate. One of ordinary skill in the art 
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would have been motivated to perform such a modification to provide additional security for the 
secure containers transferred between users on a computer network, as taught by Moreh (Fig. 6, 
#84, col. 4, line 66 - col. 5, line 7, col. 7, lines 39-47 & col. 9, lines 31-60, col. 7, lines 39-47). 

Regarding claims 3 & 17, Ginter discloses the container information including data in 
which the condition of secondary distribution is set (col. 59, lines 42-48). 

Regarding claims 4 & 1 8, Ginter discloses that said content distributor is a service 
provider distributing said secure container (Fig. 2, col. 7, lines 45-57 & col. 56, lines 47-55), the 
service provider authenticating a user of said user device receiving said secure container, 
subsequently allowing the content to be used on said user device, provided that the user has been 
authenticated (col. 12, lines 31-38, col. 21, lines 46-59 & col. 212, lines 3-16). 

Regarding claims 22 & 23, Ginter, as modified above by Moreh, is silent as to from 
where the authentication service acquires the user's certificate. However, the examiner takes 
Official Notice that acquiring a certificate from a certificate authority and subsequently storing 
the certificate locally is old and well established in the art of authentication as a method of using 
digital certificates for authentication, while minimizing re-requesting the certificate. Therefore, 
it would have been obvious to one having ordinary skill in the art at the time the invention was 
made to both contact a certificate authority to acquire the certificate and then to retrieve a pre- 
stored certificate subsequently. One of ordinary skill in the art would have been motivated to 
perform such a modification to authenticate the user while minimizing re-requesting of the 
certificate. This advantage is well known to those skilled in the art. 
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6. Claims 5-7, 19-21 & 27 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ginter & Moreh, as applied to claims 1, 15 & 26 above, in further view of U.S. Patent 
6,636,966 to Lee et al. (Lee). Ginter lacks authenticating the user and informing the service 
provider of the user authentication, whereby the service provider distributes the content key to 
the user. However, Lee teaches a host authenticating a user (using the authorization server) and 
producing an authentication message stating as such to a key server (col. 5, lines 36-38), and the 
host device delivering the authentication message to a content key server, which returns the 
content key to decrypt content (col. 5, lines 27-40 & Figs. 2A-2B). Therefore, it would have 
been obvious to one having ordinary skill in the art at the time the invention was made to modify 
Ginter to inform a content key server of an authentication result and request the server return the 
content key. One of ordinary skill in the art would have been motivated to perform such a 
modification to enable portions of data on a storage medium and to provide robust security, as 
taught by Lee (col. 3, lines 26-39, col. 5, lines 27-40 & Figs. 2A-2B). 

7. Claims 1 1 & 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ginter & 
Moreh, as applied to claims 1 & 15 above, in further view of "IBM Cryptolopes, 
SuperDistribution and Digital Rights Management" by Kaplan. Ginter lacks explicitly storing a 
signature. However, Kaplan discloses that including a signature in a cryptographic container 
allows the user to authenticate its contents (p. 5, |2-3). Therefore, it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to modify Ginter to 
include a signature in the container. One of ordinary skill in the art would have been motivated 
to perform such a modification to authenticate its contents, as taught by Kaplan (p. 5, f 2-3). 
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8. Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over Ginter & 
Moreh 5 as applied to claim 1 above, in further view of U.S. Patent 5,949,877 to Traw et al. 
(Traw). Ginter, as modified above, lacks user devices authenticating one another when data are 
transmitted between them, and a data-transmitting user device generating a digital signature to 
data to be transmitted and a data-receiving user device verifying the digital signature. However, 
Traw teaches that to protect content from copying or misuse (col. 1, lines 40-48), each device 
authenticates the other devices (col. 6, lines 63-65) by generating a digital signature which is to 
be verified by the receiving device (col. 7, lines 5-35). Therefore, it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to modify Ginter to 
include user devices authenticating one another when data are transmitted between them, and a 
data-transmitting user device generating a digital signature to data to be transmitted and a data- 
receiving user device verifying the digital signature. One of ordinary skill in the art would have 
been motivated to perform such a modification to protect content from copying or misuse, as 
taught by Traw (col. 1, lines 40-48, col. 6, lines 63-65 & col. 7, lines 5-35). 

9. Claim 14 is rejected under 35 U.S.C. 103(a) as being unpatentable over Ginter & 
Moreh, as applied to claim 1 above, in further view of U.S. Patent 5,534,855 to Shockley et al. 
(Shockley). Ginter, as best understood, lacks the template/certificate including at least one piece 
of information selected from among personal biotic information including fingerprint 
information, retina pattern information, iris pattern information, voice print information, and 
handwriting information and a non-biotic information including a seal, a passport, a drivers 
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license, and a identification card or any combination of the biotic and non-biotic information and 
a password. However, Shockley teaches that to guard against probing and user penetration, 
computer systems authenticate the identity of a user with biometrics (col. 1, lines 40-48), which 
are integrity locked into a certificate along with, for example, the user's public key (col. 5, lines 
48-58). Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to modify Ginter to include biotic data into the certificate (from Moreh). 
One of ordinary skill in the art would have been motivated to perform such a modification to 
guard against probing and user penetration by authenticating the identity of a user with 
biometrics, as taught by Shockley (col. 1, lines 40-48 & col. 5, lines 48-58). 

Conclusion 

10. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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1 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Simitoski whose telephone number is (571) 272-3841 . 
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. - 4:15 p.m.. The 
examiner can also be reached on alternate Fridays from 6:45 a.m. - 3:15 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

supervisor, Gregory Morse can be reached at (571) 272-3838. 

Any response to this action should be mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 
Or faxed to: 

(571) 273-8300 

(for formal communications intended for entry) 

Or: 

(571) 273-3841 (Examiner's fax, for informal or draft communications, please 
label "PROPOSED" or "DRAFT") 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571) 272-2100. 

Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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November 2 1 , 2005 ~ QREGOHY M03SF 
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